Antivirus and antispyware solutions generally employ traditional scan-based technologies to identify viruses, worms, Trojan horses, spyware, and other malware on an endpoint device. Typical antivirus and antispyware solutions may detect these threats by checking files for characteristics (e.g., anti-malware signatures) of known threats. Once it detects the threat, the solution may remediate it, typically by deleting or quarantining it.
As the number of malware threats increase, the sizes of signature databases that identify these threats also increase. However, large anti-malware signature databases may be undesirable on a client device due to an increased disk footprint. Server-side lookups may alleviate problems related to storing anti-malware signatures locally but may delay access to applications while waiting for an anti-malware signature before allowing an application to launch. Accordingly, the instant disclosure identifies a need for additional and improved systems and methods for looking up anti-malware signatures.